A long-standing and widespread belief on the web is that malware is exclusively a Windows problem, and that those who use macOS or Linux have little or nothing to worry about. The reality is that the vast majority of computers run the Microsoft system and are therefore often the main target of attacks.
However, there is no shortage of evidence that all systems are vulnerable, and now that ransomware is so “trendy” and is beginning to be offered as a service (RaaS) in the darkest corners of the Dark Web, strains that target Apple computers have begun to appear.
Security researchers have uncovered what might be the first Dark Net portal to offer Mac-focused Ransomware-as-a-Service (RaaS). These are two websites that sell ransomware to any third-party cybercriminal who does not have great technical knowledge.
Two Sites Offering Sophisticated Mac Ransomware and Spyware
The two sites look almost exactly the same. One is called MacSpy and offers “the most sophisticated spyware for Mac ever created, free.” The other is called “MacRansom” and says the same thing, only offering ransomware instead of spyware.
To obtain either variant, you must contact the author of the portal to have a sample sent; the author also offers “advanced” versions for a certain amount of Bitcoin. Researchers at Fortinet did this to get a sample of MacRansom, and they explain that a timer can be set at the request of the client who buys the ransomware, so that encryption of the victim's data is delayed.
MacRansom does not seem to be very sophisticated, since it only encrypts a maximum of 128 files. However, it is capable of rendering files useless even if recovery tools are used. Once infected with MacRansom, the victim receives a demand for x amount of Bitcoins and an email address in order to decrypt their files.
The MacSpy variant was investigated by the people at AlienVault, and although they note that it is not especially cautious, it is still dangerous and offers options to spy on the victim by installing a keylogger, capturing screenshots and stealing files synchronized with iCloud.